[CONSRV]

- Fix buffer overflows

svn path=/trunk/; revision=64661

diff --git a/reactos/win32ss/user/winsrv/consrv/frontends/gui/conwnd.c b/reactos/win32ss/user/winsrv/consrv/frontends/gui/conwnd.c
index 4a5102f..9bab8f9 100644 (file)
--- a/reactos/win32ss/user/winsrv/consrv/frontends/gui/conwnd.c
+++ b/reactos/win32ss/user/winsrv/consrv/frontends/gui/conwnd.c
@@ -627,9 +627,8 @@ InitFonts(PGUI_CONSOLE_DATA GuiData,
      */
     if (FaceName != GuiData->GuiInfo.FaceName)
     {
      */
     if (FaceName != GuiData->GuiInfo.FaceName)
     {

-        SIZE_T Length = min(wcslen(FaceName) + 1, LF_FACESIZE); // wcsnlen

         wcsncpy(GuiData->GuiInfo.FaceName, FaceName, LF_FACESIZE);
         wcsncpy(GuiData->GuiInfo.FaceName, FaceName, LF_FACESIZE);

-        GuiData->GuiInfo.FaceName[Length] = L'\0'; // NULL-terminate
+        GuiData->GuiInfo.FaceName[LF_FACESIZE - 1] = UNICODE_NULL;

     }
     GuiData->GuiInfo.FontFamily = FontFamily;
     GuiData->GuiInfo.FontSize   = FontSize;
     }
     GuiData->GuiInfo.FontFamily = FontFamily;
     GuiData->GuiInfo.FontSize   = FontSize;

diff --git a/reactos/win32ss/user/winsrv/consrv/frontends/gui/guisettings.c b/reactos/win32ss/user/winsrv/consrv/frontends/gui/guisettings.c
index f7d67ef..19d130e 100644 (file)
--- a/reactos/win32ss/user/winsrv/consrv/frontends/gui/guisettings.c
+++ b/reactos/win32ss/user/winsrv/consrv/frontends/gui/guisettings.c
@@ -83,9 +83,8 @@ GuiConsoleReadUserSettings(IN OUT PGUI_CONSOLE_INFO TermInfo,
 
         if (!wcscmp(szValueName, L"FaceName"))
         {
 
         if (!wcscmp(szValueName, L"FaceName"))
         {

-            SIZE_T Length = min(wcslen(szValue) + 1, LF_FACESIZE); // wcsnlen

             wcsncpy(TermInfo->FaceName, szValue, LF_FACESIZE);
             wcsncpy(TermInfo->FaceName, szValue, LF_FACESIZE);

-            TermInfo->FaceName[Length] = L'\0';
+            TermInfo->FaceName[LF_FACESIZE - 1] = UNICODE_NULL;

             RetVal = TRUE;
         }
         else if (!wcscmp(szValueName, L"FontFamily"))
             RetVal = TRUE;
         }
         else if (!wcscmp(szValueName, L"FontFamily"))


@@ -323,9 +322,8 @@ GuiConsoleShowConsoleProperties(PGUI_CONSOLE_DATA GuiData,
         /* GUI Information */
         pSharedInfo->TerminalInfo.Size = sizeof(GUI_CONSOLE_INFO);
         GuiInfo = pSharedInfo->TerminalInfo.TermInfo = (PGUI_CONSOLE_INFO)(pSharedInfo + 1);
         /* GUI Information */
         pSharedInfo->TerminalInfo.Size = sizeof(GUI_CONSOLE_INFO);
         GuiInfo = pSharedInfo->TerminalInfo.TermInfo = (PGUI_CONSOLE_INFO)(pSharedInfo + 1);

-        Length = min(wcslen(GuiData->GuiInfo.FaceName) + 1, LF_FACESIZE); // wcsnlen

         wcsncpy(GuiInfo->FaceName, GuiData->GuiInfo.FaceName, LF_FACESIZE);
         wcsncpy(GuiInfo->FaceName, GuiData->GuiInfo.FaceName, LF_FACESIZE);

-        GuiInfo->FaceName[Length] = L'\0';
+        GuiInfo->FaceName[LF_FACESIZE - 1] = UNICODE_NULL;

         GuiInfo->FontFamily = GuiData->GuiInfo.FontFamily;
         GuiInfo->FontSize   = GuiData->GuiInfo.FontSize;
         GuiInfo->FontWeight = GuiData->GuiInfo.FontWeight;
         GuiInfo->FontFamily = GuiData->GuiInfo.FontFamily;
         GuiInfo->FontSize   = GuiData->GuiInfo.FontSize;
         GuiInfo->FontWeight = GuiData->GuiInfo.FontWeight;


@@ -573,7 +571,9 @@ GuiApplyWindowsConsoleSettings(PGUI_CONSOLE_DATA GuiData,
     PCONSOLE_STATE_INFO pConInfo = NULL;
     CONSOLE_INFO     ConInfo;
     GUI_CONSOLE_INFO GuiInfo;
     PCONSOLE_STATE_INFO pConInfo = NULL;
     CONSOLE_INFO     ConInfo;
     GUI_CONSOLE_INFO GuiInfo;

+#if 0

     SIZE_T Length;
     SIZE_T Length;

+#endif

 
     if (!ConDrvValidateConsoleUnsafe(Console, CONSOLE_RUNNING, TRUE)) return;
 
 
     if (!ConDrvValidateConsoleUnsafe(Console, CONSOLE_RUNNING, TRUE)) return;
 


@@ -649,9 +649,8 @@ GuiApplyWindowsConsoleSettings(PGUI_CONSOLE_DATA GuiData,
 
 
         // Terminal information
 
 
         // Terminal information

-        Length = min(wcslen(pConInfo->FaceName) + 1, LF_FACESIZE); // wcsnlen

         wcsncpy(GuiInfo.FaceName, pConInfo->FaceName, LF_FACESIZE);
         wcsncpy(GuiInfo.FaceName, pConInfo->FaceName, LF_FACESIZE);

-        GuiInfo.FaceName[Length] = L'\0';
+        GuiInfo.FaceName[LF_FACESIZE - 1] = UNICODE_NULL;

 
         GuiInfo.FontFamily = pConInfo->FontFamily;
         GuiInfo.FontSize = pConInfo->FontSize;
 
         GuiInfo.FontFamily = pConInfo->FontFamily;
         GuiInfo.FontSize = pConInfo->FontSize;

diff --git a/reactos/win32ss/user/winsrv/consrv/frontends/gui/guiterm.c b/reactos/win32ss/user/winsrv/consrv/frontends/gui/guiterm.c
index 530b9ac..9a9b4b8 100644 (file)
--- a/reactos/win32ss/user/winsrv/consrv/frontends/gui/guiterm.c
+++ b/reactos/win32ss/user/winsrv/consrv/frontends/gui/guiterm.c
@@ -341,8 +341,6 @@ GuiInitFrontEnd(IN OUT PFRONTEND This,
     PGUI_CONSOLE_DATA GuiData;
     GUI_CONSOLE_INFO  TermInfo;
 
     PGUI_CONSOLE_DATA GuiData;
     GUI_CONSOLE_INFO  TermInfo;
 

-    SIZE_T Length = 0;
-

     if (This == NULL || Console == NULL || This->OldData == NULL)
         return STATUS_INVALID_PARAMETER;
 
     if (This == NULL || Console == NULL || This->OldData == NULL)
         return STATUS_INVALID_PARAMETER;
 


@@ -417,9 +415,8 @@ GuiInitFrontEnd(IN OUT PFRONTEND This,
      */
 
     // Font data
      */
 
     // Font data

-    Length = min(wcslen(TermInfo.FaceName) + 1, LF_FACESIZE); // wcsnlen

     wcsncpy(GuiData->GuiInfo.FaceName, TermInfo.FaceName, LF_FACESIZE);
     wcsncpy(GuiData->GuiInfo.FaceName, TermInfo.FaceName, LF_FACESIZE);

-    GuiData->GuiInfo.FaceName[Length] = L'\0';
+    GuiData->GuiInfo.FaceName[LF_FACESIZE - 1] = UNICODE_NULL;

     GuiData->GuiInfo.FontFamily     = TermInfo.FontFamily;
     GuiData->GuiInfo.FontSize       = TermInfo.FontSize;
     GuiData->GuiInfo.FontWeight     = TermInfo.FontWeight;
     GuiData->GuiInfo.FontFamily     = TermInfo.FontFamily;
     GuiData->GuiInfo.FontSize       = TermInfo.FontSize;
     GuiData->GuiInfo.FontWeight     = TermInfo.FontWeight;